bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/27110.txt
Offensive Security 3617e005f6 DB: 2017-01-12 
16 new exploits

VMware 2.5.1 - (VMware-authd) Remote Denial of Service
VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)
Boxoft Wav 1.0 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow

EleCard MPEG PLAYER - '.m3u' Local Stack Overflow
Elecard MPEG Player - '.m3u' Local Stack Overflow

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)

Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Firejail - Privilege Escalation

McAfee Virus Scan Enterprise for Linux - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution

Ansible 2.1.4 / 2.2.1 - Command Execution

Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation
EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation

PowerClan 1.14a - (footer.inc.php) Remote File Inclusion
PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion

Eggblog 3.1.0 - Cookies SQL Injection
EggBlog 3.1.0 - Cookies SQL Injection

eggBlog 4.0 - SQL Injection
EggBlog 4.0 - SQL Injection

2Capsule - 'sticker.php id' SQL Injection
2Capsule - SQL Injection

ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection
ASPThai.Net WebBoard 6.0 - SQL Injection
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
phpScribe 0.9 - (user.cfg) Remote Config Disclosure
Memberkit 1.0 - Arbitrary File Upload
phpScribe 0.9 - 'user.cfg' Remote Config Disclosure

PowerClan 1.14a - (Authentication Bypass) SQL Injection
PowerClan 1.14a - Authentication Bypass

Webspell 4 - (Authentication Bypass) SQL Injection
webSPELL 4 - Authentication Bypass

eggBlog 4.1.1 - Local Directory Traversal
EggBlog 4.1.1 - Local Directory Traversal

Travel Portal Script Admin Password Change - Cross-Site Request Forgery
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)

eggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload
Eggblog 2.0 - blog.php id Parameter SQL Injection
Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting
EggBlog 2.0 - 'id' Parameter SQL Injection
EggBlog 2.0 - 'message' Parameter Cross-Site Scripting

PowerClan 1.14 - member.php SQL Injection
PowerClan 1.14 - 'member.php' SQL Injection
SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection

Dating Script 3.25 - SQL Injection

Starting Page 1.3 - SQL Injection
Starting Page 1.3 - 'linkid' Parameter SQL Injection
Starting Page 1.3 - 'category' Parameter SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
Huawei Flybox B660 - Cross-Site Request Forgery
Travel Portal Script 9.33 - SQL Injection
Movie Portal Script 7.35 - SQL Injection
2017-01-12 05:01:16 +00:00

7 lines
No EOL
724 B
Text
Executable file
Raw Blame History

source: http://www.securityfocus.com/bid/16305/info
Eggblog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
http://www.example.com/eggblog/home/blog.php?id=70'% 20union%20select% 201,2,3,4,5, 6,7/*
Reference in a new issue View git blame Copy permalink